Apple SMC, The place to be, definitely! (For an implant)

Presented at REcon 2014, June 28, 2014, 4 p.m. (60 minutes)

At NoSuchCon 2013 in Paris, I first revealed the details behind Apple's System Management Controller, and its use of secret keys based on Harry Potter spells to unlock system functionality, as well as "Ninja" Actions. Back then, the research was done on a 2011-era Mac laptop, and only 30% of the SMC had been reversed by me, so much of the presentation was based on early research and no practical attack had yet been developed. For the past year, I have worked on taking apart the SMC on the latest generation Mac computers, starting with the 2012 models, and fully reverse engineering the firmware. Not only has Apple gotten rid of the Harry Potter spell (and replaced it with another, lengthier, secret password), but they have completely changed suppliers and moved to a totally different microcontroller. Taking advantage of the new MCU, they've added validation checks to prevent malicious firmware updates, as well as greatly extended the capabilities and functionality of the SMC.

